Interesting People mailing list archives
more on Bank loses tape with personal information on 90,000 customers
From: David Farber <dave () farber net>
Date: Thu, 12 Jan 2006 16:27:21 -0500
Begin forwarded message: From: Richard Wiggins <richard.wiggins () gmail com> Date: January 12, 2006 2:42:35 PM EST To: David Farber <dave () farber net> Cc: shoop () iwiring netSubject: Re: [IP] Bank loses tape with personal information on 90,000 customers
> In most all cases the data is encrypted. Dave,This claim needs documentation, as it does not match recent news stories. In fact, it seems to be the case that the standard practice is to encrypt data when it goes over a network wire, but not to encrypt it when stored inside the data center or backed up to tape or sent via tape for offsite storage.
-- News coverage of the People's Bank incident does not imply that the tapes were encrypted; instead, the bank says that in the future they will use encrypted network transmission.
-- "CitiFinancial lost tapes containing data for 3.9 million customers; Bank of America, 1.2 million customers; Time Warner, 600,000 customers; and Ameritrade, 200,000 customers, the Privacy Rights group reported last week. Overall, almost 52 million people had their personal information put at risk as a result of data heists in 2005, the watchdog group said." -- http://www.orlandosentinel.com/business/orl- banks0206jan02,0,5638345.story?coll=orl-business-headlines
-- "The Marriott time-share case came shortly after another mysterious data-tape disappearance reported by a Michigan-based lender.In a Dec. 18 letter to customers, ABN AMRO Mortgage Group said the tape went missing during shipment by DHL, the express-delivery service. Although there was no evidence of wrongdoing, ABN alerted authorities and made a free credit-monitoring service available to customers for 90 days. About 2 million customers were at risk from the apparent security breach, according to an estimate from the Privacy Rights Clearinghouse. A week later, however, ABN reported the tape had been found in the same DHL shipping facility to which it had been previously traced. Employee error at DHL was blamed for the miscue. ABN reassured customers there was little chance the data had been misused, but it continued to offer the temporary credit-monitoring service." [ibid.]
/rich On 1/12/06, David Farber <dave () farber net> wrote: Begin forwarded message: From: Dan Shoop <shoop () iwiring net > Date: January 12, 2006 9:41:01 AM EST To: dave () farber net, ip () v2 listbox comSubject: Re: [IP] Bank loses tape with personal information on 90,000 customers
This actually happens all the time. The bank FedEx's or otherwise sends a tape, it get's lost. This happens. In a past life as a datacenter manager at Citibank we used to receive palettes of tapes by FedEx every morning from Sioux Falls, SD, where the credit card processing center was, a truck of tapes having better bandwidth at lower cost that any telco line. Occassionally tapes got lost, it was no big deal and no one thought much of it other than to request another copy. California, IIRC, was the first state to mandate that any lost customer records of any sort has to be reported, and other states have followed suit. Since such laws been enacted that it must be reported it's been getting recent press and what is actually a common occurance is now "news". The risk from this is considered very low. In most all cases the data is encrypted. Even if it wasn't other policies prevent keeping say account numbers and names, or other required pieces of information necessary to commit a fraud or identity theft with information together in the same place at once. Having names and Social Security numbers together is considered low risk since this information is readily available through numerous sources. -- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.iwiring.net/ shoop () iwiring net http://www.ustsvs.com/ 1-646-217-4725 pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates. ------------------------------------- You are subscribed as galler () umich edu To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting- people/
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Bank loses tape with personal information on 90,000 customers David Farber (Jan 12)
- <Possible follow-ups>
- more on Bank loses tape with personal information on 90,000 customers David Farber (Jan 12)
- more on Bank loses tape with personal information on 90,000 customers David Farber (Jan 12)